forked from cory/tildefriends
apps
core
deps
codemirror
crypt_blowfish
libbacktrace
libbacktrace_config
libsodium
libuv
lit
openssl
android
ios
ios64-xcrun
usr
local
include
crypto
internal
__DECC_INCLUDE_EPILOGUE.H
__DECC_INCLUDE_PROLOGUE.H
asn1.h
bio.h
bio_addr.h
bio_tfo.h
common.h
comp.h
conf.h
constant_time.h
core.h
cryptlib.h
dane.h
deprecated.h
der.h
deterministic_nonce.h
dso.h
dsoerr.h
e_os.h
endian.h
err.h
event_queue.h
ffc.h
hpke_util.h
ktls.h
list.h
namemap.h
nelem.h
numbers.h
o_dir.h
packet.h
packet_quic.h
param_build_set.h
param_names.h
param_names.h.in
params.h
passphrase.h
priority_queue.h
property.h
propertyerr.h
provider.h
quic_ackm.h
quic_cc.h
quic_cfq.h
quic_channel.h
quic_demux.h
quic_error.h
quic_fc.h
quic_fifd.h
quic_reactor.h
quic_record_rx.h
quic_record_tx.h
quic_record_util.h
quic_rx_depack.h
quic_sf_list.h
quic_ssl.h
quic_statm.h
quic_stream.h
quic_stream_map.h
quic_thread_assist.h
quic_tls.h
quic_tserver.h
quic_txp.h
quic_txpim.h
quic_types.h
quic_vlint.h
quic_wire.h
quic_wire_pkt.h
recordmethod.h
refcount.h
ring_buf.h
safe_math.h
sha3.h
sizes.h
sm3.h
sockets.h
ssl.h
ssl3_cbc.h
sslconf.h
statem.h
symhacks.h
thread.h
thread_arch.h
thread_once.h
time.h
tlsgroups.h
tsan_assist.h
uint_set.h
unicode.h
openssl
lib
iossimulator-xcrun
mingw64
picohttpparser
quickjs
speedscope
sqlite
xopt
zlib
docs
src
tools
.dockerignore
Dockerfile
GNUmakefile
LICENSE
README.md
123 lines
4.2 KiB
C
123 lines
4.2 KiB
C
|
/*
|
||
|
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
*
|
||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
* this file except in compliance with the License. You can obtain a copy
|
||
|
* in the file LICENSE in the source distribution or at
|
||
|
* https://www.openssl.org/source/license.html
|
||
|
*/
|
||
|
|
||
|
#ifndef OSSL_INTERNAL_PASSPHRASE_H
|
||
|
# define OSSL_INTERNAL_PASSPHRASE_H
|
||
|
# pragma once
|
||
|
|
||
|
/*
|
||
|
* This is a passphrase reader bridge with bells and whistles.
|
||
|
*
|
||
|
* On one hand, an API may wish to offer all sorts of passphrase callback
|
||
|
* possibilities to users, or may have to do so for historical reasons.
|
||
|
* On the other hand, that same API may have demands from other interfaces,
|
||
|
* notably from the libcrypto <-> provider interface, which uses
|
||
|
* OSSL_PASSPHRASE_CALLBACK consistently.
|
||
|
*
|
||
|
* The structure and functions below are the fundaments for bridging one
|
||
|
* passphrase callback form to another.
|
||
|
*
|
||
|
* In addition, extra features are included (this may be a growing list):
|
||
|
*
|
||
|
* - password caching. This is to be used by APIs where it's likely
|
||
|
* that the same passphrase may be asked for more than once, but the
|
||
|
* user shouldn't get prompted more than once. For example, this is
|
||
|
* useful for OSSL_DECODER, which may have to use a passphrase while
|
||
|
* trying to find out what input it has.
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* Structure to hold whatever the calling user may specify. This structure
|
||
|
* is intended to be integrated into API specific structures or to be used
|
||
|
* as a local on-stack variable type. Therefore, no functions to allocate
|
||
|
* or freed it on the heap is offered.
|
||
|
*/
|
||
|
struct ossl_passphrase_data_st {
|
||
|
enum {
|
||
|
is_expl_passphrase = 1, /* Explicit passphrase given by user */
|
||
|
is_pem_password, /* pem_password_cb given by user */
|
||
|
is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */
|
||
|
is_ui_method /* UI_METHOD given by user */
|
||
|
} type;
|
||
|
union {
|
||
|
struct {
|
||
|
char *passphrase_copy;
|
||
|
size_t passphrase_len;
|
||
|
} expl_passphrase;
|
||
|
|
||
|
struct {
|
||
|
pem_password_cb *password_cb;
|
||
|
void *password_cbarg;
|
||
|
} pem_password;
|
||
|
|
||
|
struct {
|
||
|
OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
|
||
|
void *passphrase_cbarg;
|
||
|
} ossl_passphrase;
|
||
|
|
||
|
struct {
|
||
|
const UI_METHOD *ui_method;
|
||
|
void *ui_method_data;
|
||
|
} ui_method;
|
||
|
} _;
|
||
|
|
||
|
/*-
|
||
|
* Flags section
|
||
|
*/
|
||
|
|
||
|
/* Set to indicate that caching should be done */
|
||
|
unsigned int flag_cache_passphrase:1;
|
||
|
|
||
|
/*-
|
||
|
* Misc section: caches and other
|
||
|
*/
|
||
|
|
||
|
char *cached_passphrase;
|
||
|
size_t cached_passphrase_len;
|
||
|
};
|
||
|
|
||
|
/* Structure manipulation */
|
||
|
|
||
|
void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data);
|
||
|
void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data);
|
||
|
|
||
|
int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
|
||
|
const unsigned char *passphrase,
|
||
|
size_t passphrase_len);
|
||
|
int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data,
|
||
|
pem_password_cb *cb, void *cbarg);
|
||
|
int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data,
|
||
|
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg);
|
||
|
int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data,
|
||
|
const UI_METHOD *ui_method, void *ui_data);
|
||
|
|
||
|
int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data);
|
||
|
int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data);
|
||
|
|
||
|
/* Central function for direct calls */
|
||
|
|
||
|
int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
|
||
|
const OSSL_PARAM params[], int verify,
|
||
|
struct ossl_passphrase_data_st *data);
|
||
|
|
||
|
/* Callback functions */
|
||
|
|
||
|
/*
|
||
|
* All of these callback expect that the callback argument is a
|
||
|
* struct ossl_passphrase_data_st
|
||
|
*/
|
||
|
|
||
|
pem_password_cb ossl_pw_pem_password;
|
||
|
pem_password_cb ossl_pw_pvk_password;
|
||
|
/* One callback for encoding (verification prompt) and one for decoding */
|
||
|
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
|
||
|
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;
|
||
|
|
||
|
#endif
|